Xataface Forums

Put a face on your database
http://xataface.com/forum/

Limiting posible actions

http://xataface.com/forum/viewtopic.php?f=4&t=3728

Page 1 of 1

PostPosted: Thu Jun 22, 2006 7:07 am
by cinocino
Hi,

in the public part of my project I use Df to publish and accept data from a form for just the Organisation table.

Reading the permission documentation and the post about "modify default action" i wrote this php code in my index.php to prevent any action different from submitting new records in the organisation tables or executing my custom action on the organisation table.

Is this enough?

if ( !@$_REQUEST['-action'] ){
// No action was specified
$_GET['-action'] = 'browse';
$_REQUEST['-action'] = 'get';
$_GET['-new'] = '1';
$_REQUEST['-new'] = '1';
$_GET['-table'] = 'organisation';
$_REQUEST['-table'] = 'organisation';

}

$_GET['-new'] = '1';
$_REQUEST['-new'] = '1';
$_GET['-table'] = 'organisation';
$_REQUEST['-table'] = 'organisation';


tnx
Cino

PostPosted: Thu Jun 22, 2006 12:01 pm
by shannah
Looks like a clever workaround to me. It should work.. although I think you have a typo where you say:
$_REQUEST['-action'] = 'get';
I think you mean
$_REQUEST['-action'] = 'browse';

In 0.6 in development, there is fine-grained permissions support that would have handled this problem, but your solution looks just fine.

Best regards

STeve

PostPosted: Tue Jun 27, 2006 4:30 am
by cinocino
yes, it was a typo (and I cant figure how I put this in the code?!? :)

PostPosted: Tue Jun 27, 2006 9:25 am
by shannah
You should be able to just put it at the beginning of your application's index.php file.
All times are UTC - 7 hours
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/